You can set Cross-Origin Resource Sharing (CORS) for objects in buckets through the COS Console. COS supports configuring multiple rules to respond to OPTIONS requests. CORS is a mechanism that allows resources at one origin to be requested from another origin through HTTP requests. Two origins are deemed different as long as their protocols, domain names, or ports are different.
COS can respond to an OPTIONS request for cross-origin access, and return the cross-origin access configuration to the browser based on your CORS rule. However, the server does not check whether the subsequent actual cross-origin request meets the rule. For more details, see Cross-Origin Resource Sharing (CORS) and Setting Cross-Origin Access.
Log in to the COS Console, and then select the Bucket List in the left pane to go to the Bucket List page. Click the bucket of the object for which you want to set CORS to enter the bucket.
Go to Safety management > CORS (Cross-Origin Resource Sharing) Setting, and click Add a Rule.
Add rule information (Fields with * are required). Configuration items are as follows:
Source Origin: The domain names allowed for cross-origin requests.
* is supported, which means all domain names are allowed. Not recommended.
http://www.abc.com.
http://*.abc.com. Only one second-level wildcard domain name with only one * in it is allowed per line.
Operating Methods: GET, PUT, POST, DELETE, and HEAD are supported. Enumeration of one or more methods is allowed for a cross-domain request.
Allow-Headers: Allow-Header is used to notify the server about which custom HTTP request headers are allowed for subsequent requests when an OPTIONS request is sent, such as x-cos-meta-md5.
* to indicate that all headers are allowed if there is no special requirement.
_) are allowed.
Expose-Headers: Expose-Header returns a common header for COS. For more information, see the Common Request Headers. The configuration should be specific to the requirements of the application. Etag is recommended. Wildcard is not allowed. Headers are case insensitive, with one header per line.
Timeout Max-Age: Sets the validity period (in seconds) of the results obtained by OPTIONS. The value must be a positive integer, such as 600.
After configuration, click Submit and you will see the CORS rules added. To modify it, click the Modify button.
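The constraints listed above can be checked before a rule is entered in the console. The following Python check is an added example, not part of the COS documentation or any COS SDK; the dictionary keys (origins, methods, allow_headers, expose_headers, max_age) and both sample rules are hypothetical and constructed for illustration.

```python
SUPPORTED_METHODS = {"GET", "PUT", "POST", "DELETE", "HEAD"}

def lint_cors_rule(rule):
    """Return findings for one CORS rule, using only constraints stated on this page."""
    findings = []
    for origin in rule.get("origins", []):
        if origin == "*":
            findings.append("origin '*': all domain names allowed (not recommended)")
        elif origin.count("*") > 1:
            findings.append(f"origin {origin!r}: more than one '*' in a line")
    for method in rule.get("methods", []):
        if method.upper() not in SUPPORTED_METHODS:
            findings.append(f"method {method!r}: not a supported method")
    seen = set()
    for header in rule.get("expose_headers", []):
        if "*" in header:
            findings.append(f"expose header {header!r}: wildcard is not allowed")
        if header.lower() in seen:
            findings.append(f"expose header {header!r}: duplicate, headers are case insensitive")
        seen.add(header.lower())
    max_age = rule.get("max_age")
    if isinstance(max_age, bool) or not isinstance(max_age, int) or max_age <= 0:
        findings.append(f"max_age {max_age!r}: must be a positive integer")
    return findings

# Constructed sample: a rule that breaks several of the constraints above.
WEAK_RULE = {
    "origins": ["*", "http://*.*.abc.com"],
    "methods": ["GET", "PATCH"],
    "expose_headers": ["*", "ETag", "etag"],
    "max_age": 0,
}

# Constructed sample: explicit origins, only the methods needed, specific headers.
TIGHT_RULE = {
    "origins": ["http://www.abc.com", "http://*.abc.com"],
    "methods": ["GET", "HEAD"],
    "allow_headers": ["x-cos-meta-md5"],
    "expose_headers": ["ETag"],
    "max_age": 600,
}

if __name__ == "__main__":
    for name, rule in (("weak", WEAK_RULE), ("tight", TIGHT_RULE)):
        print(name, lint_cors_rule(rule) or "no findings")
```

A rule that passes this check only shapes the OPTIONS response; as noted above, the server does not check whether the subsequent actual request meets the rule.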